A serious vulnerability in RubyGems, a package manager for the Ruby programming language, can be exploited to trick end users into installing malware from attacker-controlled gem servers, Trustwave researchers have discovered.
New versions of popular open source content management system Drupal are out, and fix a series of vulnerabilities, including a critical one that can result in an attacker taking over administrator accounts.
Bug bounty programs have become de rigueur for tech and Internet companies that want to improve the security of their products by (partly) outsourcing bug discovery.
Six researchers from Indiana University Bloomington, Peking University and Georgia Tech have recently published a paper in which they detail the existence of critical security weaknesses in Apple's OS X and iOS - weaknesses that could be exploited by a sandboxed malicious app to gain unauthorized access to other apps’ sensitive data.
Since I can first remember being interested in information security, my personal hacker heroes (and I’m using hacker positively here) were the researchers who discovered zero-day software vulnerabilities and could create proof-of-concept exploits to demonstrate them.